Is it possible to add new Layer 7 rules?

wilhelm · 8 May 2020 07:47

Is it possible to add new Layer 7 Rules for QoS?

ms · 8 May 2020 08:57

In theory, yes. They are in /etc/l7-protocols/protocols and you can add more.

They are all regular expressions and plenty of them are of poor quality or for protocols that nobody is using any more.

What would be your need for this?

dougman · 8 May 2020 15:32

I think it would be nice if we could make one for Zoom/Teams or Netflix (DASH). There are a lot of new services out there that don’t use specific (identifiable) ports, and can’t be classified easily. Netflix hogging bandwidth is a big problem now during covid-19, even within individual homes.

pike_it · 8 May 2020 15:55

nDPI could be an option?

ms · 8 May 2020 17:12

True, but I am not sure whether you will be able to identify this looking at the packets. You will probably see a very simple TLS connection and that is it.

What would work though is checking from which AS the traffic is coming and filter or de-prioritise that. We have plans for that because we are building a replacement for the GeoIP database and that would also include AS information.

However, we are busy with plenty of projects now, so that this is merely a side-thing for the moment. If someone is interested in helping us out, please don’t hesitate

wilhelm · 11 May 2020 19:22

Ok thats much harder then i tought it would be. It would be really nice if Domain Names could be used for Source/Destination.

@ms Another Question for you. Should ECN be enabled for QoS (on the client)?

ms · 11 May 2020 19:56

I would say yes. We usually have it enabled on IPFire.

dougman · 12 May 2020 02:32

Ok, so I guess 7 protocols won’t help much here. That nDPI thing looks interesting, has anyone here tried it before? I’d have to do a lot of research if I were to try to use it… also I’m not sure how to integrate it into ipfire, although I found this

Also, what did AS stand for? Is that like a database of IP’s used by companies?

pmueller · 12 May 2020 07:46

Hi,

Also, what did AS stand for? Is that like a database of IP’s used by companies?

AS stands for “Autonomous System”. You can see it that way, although it is more related
to public routing via BGP.

Thanks, and best regards,
Peter Müller

ms · 12 May 2020 08:39

I don’t think nDPI looks good. It is very messy code which might have plenty of holes - you are operating inside the kernel here. And last time I checked it was unmaintained. There are plenty of forks out there, but they are all dead for years AFAIK.